At 9:14 AM +0100 3/7/06, Pawel Jakub Dawidek wrote:
> On Mon, Mar 06, 2006 at 12:08:08PM -0500, John Baldwin wrote:
> +> Did you know about the -C option to newsyslog?  newsyslog is a
> +> better tool for creating the log files since its config file
> +> can specify permissions (owner, group, chmod).

> I agree, but I didn't remove this functionality from
> newsyslog(8).  I wanted to have this simple functionality
> in syslogd(8) for a few small reasons:
>
> - I don't really buy that not creating log files is a security
>   feature.

Creating them with the wrong group, wrong chmod bits, or not
including 'nosave' on logfiles which are expected to be
'nosave' might be a problem.

> - You don't always want newsyslog(8) (e.g. on an embedded system).

You don't want to rotate logfiles on an embedded system?

> - It's more handy to add a new log file and just restart syslogd
>   without any errors, instead of editing newsyslog.conf,
>   executing newsyslogd -C and then restarting syslogd.

To use this new syslogd feature, you're going to have to add
that '-C' flag somewhere.  And in /etc/defaults/rc.conf, we
already have:

newsyslog_enable="YES"  # Run newsyslog at startup.
newsyslog_flags="-CN"   # Newsyslog flags to create marked files

All you need to do is add a second '-C' to those newsyslog_flags,
and newsyslog will automatically create all log files which do
not exist.  And if you're adding a new logfile to /etc/syslog.conf,
then it seems very likely that you will also want to add a
line to newsyslog.conf to rotate that log file.

> It still would be handy to tell newsyslogd(8) to always
> correct owner and permission (which it doesn't do
> currently, AFAIK) - root:wheel 0600 should be a safe default
> for a log file in the meantime.

I believe newsyslog will correct those the next time it rotates
the logfile.  I'm not sure it should add code to fix files that
are wrong only because some operation other than newsyslog
created the file, but I suspect it would be easy enough to add
that if people really think it is important.

--
Garance Alistair Drosehn     =      [EMAIL PROTECTED]
Senior Systems Programmer               or   [EMAIL PROTECTED]
Rensselaer Polytechnic Institute;             Troy, NY;  USA
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
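
Added example, not part of the original message and not FreeBSD code: a Python check for the case raised in the last paragraph, where a log file was created by something other than newsyslog and its mode no longer matches the newsyslog.conf entry. The names `parse_entries`, `audit` and the `root` prefix are assumptions, the sample entries are constructed, and only existence and mode are compared (ownership is parsed but not checked).

```python
import os
import stat

# Constructed sample in newsyslog.conf(5) layout:
# logfilename [owner:group] mode count size when flags
SAMPLE_CONF = """\
# constructed example entries
/var/log/auth.log                 600  7  100  *  JC
/var/log/app.log    root:wheel    640  5  100  *  JC
"""

def parse_entries(conf_text):
    """Yield (path, owner_group_or_None, mode) for each config entry."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("<"):  # blank, comment, <include>
            continue
        fields = line.split()
        path, rest = fields[0], fields[1:]
        owner = None
        if rest and ":" in rest[0]:           # optional owner:group field
            owner, rest = rest[0], rest[1:]
        try:
            mode = int(rest[0], 8)            # mode is written in octal
        except (IndexError, ValueError):
            continue                          # malformed entry, skip it
        yield path, owner, mode

def audit(conf_text, root=""):
    """Return (path, problem) pairs; root is a hypothetical test prefix."""
    findings = []
    for path, _owner, mode in parse_entries(conf_text):
        try:
            st = os.lstat(root + path)        # lstat: do not follow symlinks
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        actual = stat.S_IMODE(st.st_mode)
        if actual != mode:
            findings.append((path, f"mode {actual:04o}, expected {mode:04o}"))
    return findings

if __name__ == "__main__":
    for path, problem in audit(SAMPLE_CONF):
        print(f"{path}: {problem}")
```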